Rutx50 Cant Ping LAN Interface and Devices behind LAN

cjuma · February 26, 2025, 11:37am

Hi Team,

Need some Help Peering with Rutx50 on cellular interface via ebgp. Ebgp is between Rutx50 Private APN on cellular and My core on Private IP. Ebgp is established and exchanging all required prefix’s required exchanged from both sides.
However can only Ping the prefix’s on my core from Rutx50 side but not the reverse. Rutx50 is operating on NAT and the firewall rules allowed for both incoming and outgoing tarffic.

Daumantas · March 3, 2025, 11:15am

Hello @cjuma,

Just to clarify, you mentioned that you’re using NAT, is the masquerading flag enabled on the WAN zone in Network → Firewall → Zones?
To go from there, I would suggest connecting to the device via SSH, and running the following command:

tcpdump -i qmimux0 icmp

This will allow you to monitor traffic on the mobile interface. Then connect to any of your BGP peers (or any device that has a route to RUTX50), and try pinging the RUTX50 mobile IP and RUTX50 LAN IP (192.168.1.1/24 by default). Do any of them respond to pings?

Best regards,

cjuma · March 3, 2025, 12:41pm

The masquerading flag is set to off.

After running command can only see traffic to the mobile wan interface and not to the LAN.

cjuma · March 3, 2025, 12:44pm

On Ping towards the Teltonika

Daumantas · March 3, 2025, 12:58pm

So just to clarify, when pinging the mobile interface IP address, you can see the packets coming into the router, but when pinging the LAN IP address nothing appears on the TCPdump?
In both cases the packets should appear on the WAN interface, as when the packets are headed to LAN, so if you can’t see them, I would suggest checking if the routes are populated correctly in the core network.

cjuma · March 4, 2025, 10:45am

The Routes are exchanged properly via BGP. but ping from LAN to LAN only works when traffic is sourced from the Teltonika End of connection. Could it be that Traffic from the Teltonika End is NAT’ed to the mobile IP. and thats why from the reverse cannot ping the LAN connected to Teltonika from the core side.

Daumantas · March 4, 2025, 11:19am

Hi,

Could you run the same TCPdump command from my last comment and check what source IP is used on ICMP packets when pinging from RUTX50 LAN? Please post the output here if you’re using private IP addresses. Thanks!

cjuma · March 4, 2025, 11:58am

Daumantas · March 5, 2025, 8:15am

Hi,

Just to clarify - the pings should be sent from LAN (e.g. PC connected to RUTX50), and simultaneously run the TCPdump command.